Why is my password emailed to me after changing it?

Tutor

Why is my password emailed to me after changing it?

I was surprised to get an email with my password in the clear after resetting it from my iPad.

Email is by no means secure.  This policy is VERY bad.

 

Can somebody from AT&T comment?

 

Thanks.

Message 1 of 23 (1,062 Views)
ACE - Professor

Re: Why is my password emailed to me after changing it?


harryspar wrote:
Yes, it was an error to introduce any extra information into the thread. It distracts from the main topic and tempts nitpickers.

It's not that introducing extra information is bad, but trying to use that extra information to support an assertion it doesn't is intellectually dishonest. 

 

The links do not support lax security within AT&T. There's no indication in either case that the fraudsters had any information from AT&T to perpetuate their scams. 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 16 of 23 (658 Views)
Highlighted

Re: Why is my password emailed to me after changing it?

Maybe you missed the words "I wonder if" in that post. That is what we call a question, a conjecture. Nobody attempted to prove anything.

Yet you seize upon the opportunity to make an elementary cognitive error by thinking that if you can point out that the conjecture is not proven then it's OK to not encryt our data on thier servers.

They might be leaking data to scammers. They might not. We don't know. What's important is that it's a breach waiting to happen when you don't hash and salt.

Nuff said.
Message 17 of 23 (651 Views)
ACE - Professor

Re: Why is my password emailed to me after changing it?


harryspar wrote:
The callers already had the account holders' PII and account info even before asking any questions. This has nothing to do with caller ID spoofing and everything to do with loose security inside ATT.

.

What I was referring to...

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 18 of 23 (649 Views)
ACE - Professor

Re: Why is my password emailed to me after changing it?


bacoboy wrote:

aBenjamin wrote:

Where did you change your password? From the myAT&T app or from the website? 


Neither.  I changed it on the iPad.

 

Settings -> Cellular Data -> View Account -> (then login) -> Edit User & Payment Information


What information could someone get from that? If there's not sensitive information that could be obtained, it's possible that AT&T chose customer convenience over security.  There was recently a discussion regarding this over on the Uverse boards; http://forums.att.com/t5/U-verse-General-Care-and-Support/Network-key-is-in-the-clear-http-lt-router...

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 19 of 23 (648 Views)
Tutor

Re: Why is my password emailed to me after changing it?

[ Edited ]

MicCheck wrote:
What information could someone get from that? If there's not sensitive information that could be obtained, it's possible that AT&T chose customer convenience over security.  There was recently a discussion regarding this over on the Uverse boards; http://forums.att.com/t5/U-verse-General-Care-and-Support/Network-key-is-in-the-clear-http-lt-router...

If they aren't treating my password with due care, how do I know they are doing the same with my PII info?  Or my credit card number?  Security breaches happen all the time.

 

Email is not secure.  They are sending the entry mechanism into my account over an insecure channel.  Futhermore, they are storing it on their in the clear.  Unacceptable in 2013.

Message 20 of 23 (639 Views)
ACE - Professor

Re: Why is my password emailed to me after changing it?


bacoboy wrote:

MicCheck wrote:
What information could someone get from that? If there's not sensitive information that could be obtained, it's possible that AT&T chose customer convenience over security.  There was recently a discussion regarding this over on the Uverse boards; http://forums.att.com/t5/U-verse-General-Care-and-Support/Network-key-is-in-the-clear-http-lt-router...

If they aren't treating my password with due care, how do I know they are doing the same with my PII info?  Or my credit card number?  Security breaches happen all the time.

 

Email is not secure.  They are sending the entry mechanism into my account over an insecure channel.  Futhermore, they are storing it on their in the clear.  Unacceptable in 2013.


But what information could someone get with that password? Could someone with that password add a line? Get your credit card information?

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 21 of 23 (618 Views)
Contributor

Re: Why is my password emailed to me after changing it?

Is that really the point here?

 

Post your password here then if you're that confident that it doesn't matter.

 

Message 22 of 23 (614 Views)
ACE - Professor

Re: Why is my password emailed to me after changing it?


Trencal wrote:

Is that really the point here?

 

Post your password here then if you're that confident that it doesn't matter.

 


I didn't say it didn't matter. I'm asking what information someone could get with that password, because I have no idea. 

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 23 of 23 (612 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.